By the very nature of its size and value, a superyacht carries very sensitive information relevant to its operation, ownership and charter clients, through to its crew's personal information and movements. With these yachts increasing in technical complexity, and increasingly reliant upon advanced IT systems to operate and maintain them, it is key for those individuals tasked with yacht operation to know how to stay alert and cyber safe.

A large majority of cyber security incidents experienced by organisations are caused by their own employees. Often regarded by cyber criminals as an organisation’s weakest link, staff can accidentally or deliberately introduce cyber risks to a business and critical assets, and a yacht’s crew and management team carry the same threat. But with the right training, employees can be transformed from a vulnerability into an asset by increasing their awareness of threats, increasing their vigilance and conditioning them to report incidents and suspicious activity.

JWC Superyachts has launched a GCHQ-accredited Superyacht Cyber Training course (SYCT) that is a yacht-specific hybrid of the MCA-recognised Maritime Cyber Security Awareness (MCSA) education course. The online course is built against the IMO directives on cyber security, which come into force in 2021, and follows the BIMCO cyber security guidelines to ship owners. It is aimed at all computer users relating to superyacht operation, including crew and shoreside management, and will help contribute to a yacht’s overall cyber-risk management programme. 

With the right training, employees can be transformed from a vulnerability into an asset by increasing their awareness of threats, increasing their vigilance and conditioning them to report incidents and suspicious activity...

Delivered through the JWC Superyachts’ integrated learning platform, the online course teaches participants in non-technical language to identify common cyber-attack methods and techniques, as well as an understanding of the insider threat from poor practice. For example, cyber criminals can design malware to destroy critical files, secretly eavesdrop on activity or disrupt business critical IT/OT systems. Few computer users would voluntarily download malware that could compromise their system, therefore attackers typically disguise it to appear legitimate, using numerous methods – the course explains these methods to the participant.

As the human element remains one of the weakest defences into these systems, crewmembers are much more likely to be targeted by cyber-attackers than the technology systems themselves. The course explains that, instead of struggling to find a way to 'hack' through advanced system defences, today's attackers will rather acquire access by using a crewmember's login or email. Social media and email offer a great platform for cyber-attackers to gather intelligence, plan their attacks and gain access to the yacht's operator.

The course also reveals the practical steps that can be taken against identified threats, as well as advising on preventative measures. One important conclusion drawn from the course is to ensure that any computer on board has the most up-to-date antivirus software; not having it is the equivalent of transiting through pirate-infested waters with no adequate protection measures. The final course assessment is undertaken on completion of all modules and, if successful, participants will receive a GCHQ-accredited and MCA-recognised eCertificate to print and display.

As employees can be a yacht's biggest vulnerability in the cyber sphere, cultural changes are needed on board most yachts to ensure cyber best practice is at the forefront of all crewmembers' minds. With maritime cyber crime at an all-time high, and cyber criminals systematic in their search for profit and disruption to operations and day-to-day life, cyber-security awareness has never been more important in the yachting community. As yachts invest in more connectivity, it is likely that the industry will also need to invest in educating those on board about minimising the increasing risk of cyber attacks.

Click here to become part of The Superyacht Group community, and join us in our mission to make this industry accessible to all, and prosperous for the long-term. We are offering access to the superyacht industry’s most comprehensive and longstanding archive of business-critical information, as well as a comprehensive, real-time superyacht fleet database, for just £10 per month, because we are One Industry with One Mission. Sign up here.